Fig. 1

Fig. 2 (diagram; labels: Back-Office Application Plug-Ins, User Application Plug-Ins)

Fig. 3 (diagram; legend: Data Flow, Program Flow)

Fig. 4

Fig. 5

Fig. 6 (flowchart). Boxes:
  Extract username and password values from fields in web page or pop-up dialog
  Store username/password pair and identity of destination web site in system database
  System database
Legend: Data flow; Program control flow

Fig. 7 (policy tree)

Recording
  Browser
    DataToRecord
      URI=Yes
      HTML=Yes
      SubmittedFields=Yes
        Passwords=Yes
    WhenToStartRecording
      WhenBrowserIsOpened=No
      IfCreditCardNumberSubmitted=Yes
      IfPasswordSubmitted=Yes
      IfKeywordsReceived=Yes
      IfKeywordsSent=Yes
    WhenToStopRecording
      WhenUserClosesBrowser=Yes
      WhenUserChangesSite=Yes
      WhenUserChangesPage=No
  Email
    DataToRecord
      SentMail
        UnsignedMessages=Yes
          Attachments=No
        SignedMessages=Yes
          MessageText=Yes
          Attachments=Yes
          Certificates=Yes
      ReceivedMail
        UnsignedMessages=Yes
          MessageText=Yes
          Attachments=No
        SignedMessages=Yes
          MessageText=Yes
          Attachments=Yes
          Certificates=Yes
    WhenToRecord
      SentMail
        All=No
        IfMailContainsCreditCardNumber=Yes
        IfMailContainsKeywords=Yes
        IfMailIsDigitallySigned=Yes
      ReceivedMail
        All=No
        IfMailContainsKeywords=Yes
        IfMailIsDigitallySigned=Yes

Fig. 8 (flowchart). Boxes:
  Start
  Scan transmission buffer for next all-digit string (CCN candidate)
  Calculate Luhn checksum of CCN candidate
  No valid CCN found in buffer - allow transmission to server.
  Transaction denied - prevent transmission to server.
  Transaction approved - allow transmission to server.

Fig. 9 (flowchart). Boxes:
  Look up certificate in system database
  Add certificate to system database
  Obtain history of validation checks, transactions etc from database and use policy business rules to determine if validity check required.
  Perform on-line certificate validity check
  Update database with results
  Reject transmissions reliant on invalid certificate
  Accept transmissions reliant on valid certificate
  End
Branch label: YES
Legend: Data flow; Program control flow

Fig. 10 (policy tree)

Policy
  DigitalCertificates
    AcceptanceConfidenceRating
      IdentityCertificates
        AlwaysAcceptFrom=[table a]
        AlwaysCheckFrom=[table b]
        CheckIfDaysSinceCertificateReceivedFromCompany=10
        CheckIfDaysSinceLastReceivedThisCertificate=30
      MonetaryCertificates
        AlwaysAcceptFrom=[table x]
        AlwaysCheckFrom=[table y]
        CheckIfAmountExceeds=10000
        IfRecentlyChecked
          DaysSinceLastChecked=30
          MaximumAmount=5000

(figure fragment; figure label not present) Re-Validate Certificate

(flowchart fragment; figure label not present). Boxes:
  Look up site in policy-based list of sites that use secure connections but are known not to be e-commerce sites
  E-commerce transaction is not occurring

Fig. 13 (policy tree and tables)

Policy
  Transactions
    Identification
      IfConnectionGoesSecure=Yes
        ExcludedSites=[table q]
      IfCreditCardNumberPresent=Yes
        PreviousPages=2
      IfAccountCodePresent=Yes
        AccountCodes=[table r]
      IfKnownECommerceSite=Yes
        KnownSites=[table s]
      IfOtherIndicatorPresent=Yes
        Keywords=[table t]
        PreviousPages=6

Further entries (position in tree not recoverable):
  WhenSiteChanges=Yes
  IfDigitalReceiptReceived=Yes
  AfterNumberOfPages=20

Table q - Excluded Sites
  www.hotmail.com
  www.passport.com
  ibankoD.barclays.co.uk
  www.rtwolb.co.uk

(table heading not recoverable)
  ecomm.us.dell.com/dellstore
  buy.supersaver.co.uk
  www.bootoforal^com^sket

Table r - Account Codes
  Account Code    Previous Pages To Record
  21321234        2
  ORCH01          6
  58734           1
  PETEK304        0

Table t - Keywords
  "receipt"
  "thank you for your order"
  "order confirmation"

Fig. 14 (flowchart). Boxes:
  Examine data received or transmitted for indications that a transaction is occurring or has just occurred. See flowchart 'Identifying a transaction'.
  Examine policy settings appropriate to type of transaction, identity of sender, and amount of transaction
  Retrieve earlier transmissions from local cache store
  Store relevant transmissions together with transaction data, user identity and other related information in system database
  System database
Branch label: YES
Legend: Data flow; Program control flow

Fig. 15 (flowchart). Column headings: End-user process; Approver process
Boxes:
  Identify appropriate approver based on end-user's identity and size and nature of proposed transaction
  Submit request for approval
  Approved? (branch label: YES)
  Allow transaction to proceed
  System approvals queue
  Abandon transaction
  Retrieve request and determine correct response (approval or rejection)
  Send response (approval or rejection)
Legend: Data flow; Program control flow

Fig. 16 (policy tree and table)

Policy
  TransactionApproval
    MaximumUnapprovedTransactionAmount = 500
    MaximumUnapprovedMonthlyAmount = 2500
    ExcludedSites = [table e]
    Approvers = [table f]

Table f - Approvers
  Username    Limit        Excluded Sites
  F Smith     $500         www.dell.com
  R Jones     $1000        www.dell.com; www.officemax.com
  F Healy     Unlimited    none

Fig. 17 (policy tree)

TransmittedDataSecurity
  RequiredEncryptionLevel
    Passwords=40
    CreditCardNumbers
      Company=128
      Personal=128
    SubmittedKeywords=40
    OtherSubmittedData=None

Fig. 18

(flowchart; figure label not present). Boxes:
  Determine sensitivity of user data by reference to policy settings
  Determine security level of transmission link to server
  Abandon transmission of user data
  Allow transmission of user data
  Renegotiate security level of transmission link
  End